Yet another 'critical' Firefox flaw

Yet another 'critical' Firefox flaw

Summary: Firefox as a high-priority browser

TOPICS: Browser
Less than 24 hours before the scheduled release of Firefox as a high-priority browser refresh, a new "critical" vulnerability has been reported by Polish hacker Michal Zalewski.

Zalewski, who appears to be running an unofficial MOFFB (month of Firefox bugs) project, released a demo of a memory corruption issue that crashes the browser and puts users at risk of PC takeover attacks.

"Firefox is susceptible to a pretty nasty, and apparently easily exploitable memory corruption vulnerability. When a location transition occurs and the structure of a document is modified from within onUnload event handler, freed memory structures are left in inconsistent state, possibly leading to a remote compromise," Zalewski warned.

Mozilla's security team is tracking the issue.

Zalewski's ongoing browser research has also uncovered a "quite nasty" flaw in Microsoft's Internet Explorer 7.

He described the IE 7 issue as a "combination-type vulnerability" that allows the attacker to:

a) Trap the visitor in a Matrix-esque tarpit webpage that cannot be left by normal means (this is a known brain-damaged design of onUnload Javascript handlers),

b) Spoof transitions between pages so that the user thinks he actually managed to leave the affected site, and so that the URL bar displays other addresses we didn't actually go to.

"This opens a plethora of spoofing/phishing scenarios," Zalewski warned. A demonstration page is available for testing purposes.

So far this month, Zalewski's demos have included focus bugs, a location.hostname issue (critical), a blank bug, a bookmark issue and today's unload and trap flaws.

Topic: Browser

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • I'm betting on mozilla fixing their product first before microsoft . <NT>

    • Unlikely.

      I doubt you would actually make that bet. Given the volume of spam you have polluted other topics with, "intelli"hence, you seem to spend most of your waking time demonstrating the depths of your ignorance.

      Thus, it's unlikely you actually have a job, and thus I doubt you have the wherwithal to make a bet.

      For those who actually want to discuss the merits of this topic, I apologize. But this response adds, at the very least, the same value to this discussion as the original comment it's targeted at. (i.e. for the interpretive benefit of "intelli"hence, it's no worse than useless.)
      • Sorry son , I don't do SPAM , like you would have others believe .

        Put up or shut up . I'll make a 100.00 bet . If anything , put your money were your mouth is ? I already have !

        "In a world without walls and fences , who needs windows and gates."
        • I'm with hickum on this ine

          you pretty much have little to say other then to try to spin other companies blunders and incompetence into an MS issue.

          "In a world with Windows and Gates, we are no longer stuck behind walls and fences"
          John Zern
  • The cult of retards...

    It amazes me how the cult of FF have switched from one security nightmare (IE 6/7) straight into another nightmare (FF).

    Get a clue.

    [url=]Opera 9.1[/url]. For those of us who don't buy into the BS of Microsoft OR Mozilla.
    • I've said it before...

      Opera may be good security wise, but it's a niche browser because of it's inability to display sub-standard sites.. To bad because even I'd like to switch to it.
      • You should try the widgets

        They are far more entertaining than the plug-ins of Mozilla.
        • I tried them...

          I like them.. I just haven't converted to Opera because again. It doesn't support pages that are "broken".

          It's fine to say.. "People should follow standards" and leave it at that.. But it's another to complain there isn't wide stream adoption when you're trying to play "stubborn" against the world over standards. It's a "GOOD LUCK" race. :)
          • Treat Websites like ISO Compliance

            If you aren't compliant, you don't get my business.

            You would be surprised at how quickly people fall under compliance then.
          • Although agreed...

            The problem with that line of thinking is..

            That is WHY Opera will stay niche. I'd love to convert, problem is.. It's a sub-standard browser that doesn't support real-world equations.

            You can't get 3 billion people to follow a standard, but you sure as hell in a browser can compensate for common weaknesses in standards.
          • Re: Although agreed...

            Convert to? From?
          • Convert from Firefox... (NT)

          • Re: Treat Websites like ISO Compliance

            [i]If you aren't compliant, you don't get my business.[/i]

            I agree with you *in theory*. Unfortunately, there are plenty of standards-compliant sites that are not rendered correctly even in Opera ? and I say this from experience, as a standards-conscious developer.
    • hmmm...

      Well I would rather have that then the alternative. I dont see alot of browers out there that dont have a bug or 2.
  • Mozilla also taking care of V1.5.0.nn users?

    I'm still using FF, but noticed an update over the weekend making it ... has that version been treated to the same security update that the 2.0 users got?
  • May be fixed

    Browsing the developer chatter associated with this test, it looks as though they may already have fixed it. I just updated FF a day or two ago and it refuses to crash when I click the link.